
means, operatively coupled to the means for providing, for associating a 
digital signature of a central security policy rule data distribution source to the 
variable security policy rule data; 

means for storing the digital signature and the variable policy rule data; and 
network node means, operatively coupled to the storage means, for 
periodically obtaining the digital signature and the variable policy rule data from 
the means for storing, and not from a forwarded signed message, and for analyzing 
the variable policy rule data to facilitate unilateral security policy enforcement at a 
network node level. 




] 9. (Amended) The computer network system of claim 1 wherein the variable policy 
! rule data includes [differing] policy rule data on a per application basis for a 

| plurality of software applications supported by at least one network node [and 

| wherein the at least one network node includes means for facilitating 

, cryptographic processing of data that is accessible by the plurality of software 

applications]. 

j 

I 12. (Amended) A computer network security system having enforceable security 

policy provision comprising: 

means for storing variable security policy rule data for use by a network 

node; and 

means, operatively coupled to the means for storing, for securely providing 
the variable security policy rule data for distribution to at least one network node 
to facilitate unilateral security policy enforcement at a network node level. 

from the means for storing, and not from a forwarded signed message, 



16. (Once Amended) A method for providing enforceable security policy provisions 
comprising: 





providing variable security policy rule data for distribution to at least one 
network node; 

associating a digital signature of a central security policy rule data 

distribution source to the variable security policy rule data; 

storing the digital signature and the variable policy rule data; and 
periodically obtaining the digital signature and the variable policy rule data A 

not forwarded with a signed message, and analyzing the variable policy rule data 

to facilitate unilateral security policy enforcement. 



25. (Once Amended) A method for providing enforceable security policy provision 
comprising: 

storing variable policy rule data for use by a network node; and 
securely providing the variable security policy rule data for distribution to 
at least one network node other than through a forwarded signed message to 
facilitate unilateral security policy enforcement at a network node level. 

29. (Once Amended) A computer having enforceable security policy provision 
comprising: 

means for obtaining variable policy rule data from a central security policy 
rule data distribution source and not from a forwarded signed message ; 

means, operatively coupled to the means for obtaining, for analyzing the 
variable policy rule data; and 

means, responsive to the means for analyzing the variable policy rule data, 
for facilitating unilateral security policy enforcement at a network node level 
based on the variable policy rule data. 



an 



34. ( Once Amended) A storage medium for storing programming instructions that, 
when read by a processing unit, causes the processing unit to provide enforceable 
security policy provision, the storage medium comprising: 



